NASA under ‘significantly increasing’ hacking, phishing attacks

NASA has seen "significantly increasing" malicious activity from both nation-state hackers and cybercriminals targeting the US space agency's systems and personnel working from home during the COVID-19 pandemic.

Mitigation tools and measures set in place by NASA’s Security Operations Center (SOC) successfully blocked a wave of cyberattacks, the agency reporting double the number of phishing attempts, an exponential increase in malware attacks, and double the number of malicious sites being blocked to protect users from potential malicious attacks.

State-backed hackers behind some recent attacks

"NASA employees and contractors should be aware that nation-states and cybercriminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices," a status report memo issued to all NASA personnel by the Office of the Chief Information Officer says.

"Some of their goals include accessing sensitive information, user names, and passwords, conducting denial of service attacks, spreading disinformation, and carrying out scams."

Threat actors have also been observed increasingly sending malicious emails with the end goal of infecting employees with malware and phishing sensitive info that could later be used to gain access to critical NASA systems and sensitive data.

Among the lures spotted during these phishing attacks, NASA mentions multiple baits related to the novel coronavirus outbreak including requests for donations, tax refunds, safety measures, fake vaccines, updates on virus transmissions, and various disinformation campaigns.

Mobile devices also targeted

Some of these recent attacks are also targeting mobile systems not only desktops as NASA's security experts also found with such mobile attacks also attempting to trick victims into revealing sensitive information.

"This is not specific to computers, there are also phishing attacks occurring against mobile devices with similar lures, such as text messages or advertisements within applications, designed to entice victims to click on links designed to secretly have their sensitive information and account credentials harvested," the memo adds.

Contractors and personnel are advised that these cyberattacks will remain at an elevated or increasing level throughout the pandemic, and NASA recommends caution while using Internet-connected desktops and mobile devices during the COVID-19 outbreak.

"NASA civil servants and contractors are always the first line of defense in identifying and reporting potential threats and should continue to exercise a high-level of vigilance and caution when utilizing NASA electronic devices and personal devices connected to the Internet," the agency adds.

Defense recommendations

NASA suggests taking a closer look at the guidance issued by the Cybersecurity and Infrastructure Security Agency (CISA) on defending against social engineering and phishing scams.

This should help make it easier to detect common indicators of phishing attacks, as well as to take the proper measures to prevent becoming a victim of such attacks.

The space agency also advises using your company's VPN to take advantage of any defenses the security team has already set up for the protection of employees working from home during the pandemic.

You should also make sure not to use your personal email or social media accounts on company-issued devices and to be very careful when opening links received via text message, email, or social platforms.

Keeping all devices and software up to date, using only software vetted by your company's security operations team, and always keeping personal or financial info out of email communication channels are other measures you could take to protect against the increasing number of attacks observed lately.

Remote work systems under siege

FBI's Internet Crime Complaint Center (IC3) has also recently issued a public service announcement regarding the increased risk of attacks exploiting the boost in online communication platforms for remote working caused by the SARS-CoV-2 pandemic.

The FBI said at the time that it's expecting a speedup in exploitation attempts of virtual communication environments used by government agencies, private orgs, and home users as a direct result of the COVID-19 outbreak.

"Computer systems and virtual environments provide essential communication services for telework and education, in addition to conducting regular business," the FBI said.

"Cyber actors exploit vulnerabilities in these systems to steal sensitive information, target individuals and businesses performing financial transactions, and engage in extortion."

Comments are closed.